package com.hotdog.config;


import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.gson.Gson;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.AccessDeniedHandler;

import javax.servlet.http.HttpServletResponse;
import java.io.PrintWriter;
import java.util.HashMap;
import java.util.Map;

/**
 * 资源服务器的配置 在这个对象之中重点实现
 * 1.JET令牌解析的配置(客户带着令牌访问资源时 要对令牌进行解析)
 * 2.启动资源时的授权配置
 *
 * @author 郭鲁政
 */
@Configuration
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true)//执行方法之前启动权限检查
public class PayServerConfig extends ResourceServerConfigurerAdapter {
    @Autowired
    private TokenStore tokenStore;

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        /*定义令牌的生成策略这里不是创建令牌而是解析令牌*/
        resources.tokenStore(tokenStore);
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {

        /*放行所有的资源访问*/
        http.authorizeRequests().anyRequest().permitAll();

        http.exceptionHandling().authenticationEntryPoint(AuthenticationEntryPointError());
        http.exceptionHandling().accessDeniedHandler(getErrorInfo());
    }

    @Bean
    public AccessDeniedHandler getErrorInfo() {
        return (request, response, accessDeniedException) -> {
            Map<String, Object> map = new HashMap<>();
            map.put("states", HttpServletResponse.SC_FORBIDDEN);
            map.put("message", "抱歉那您没有访问权限");
            response.setCharacterEncoding("utf-8");
            response.setContentType("application/json;charset=utf-8");
            String s = new ObjectMapper().writeValueAsString(map);
            PrintWriter writer = response.getWriter();
            writer.println(s);
            writer.flush();
        };
    }

    @Bean
    public AuthenticationEntryPoint AuthenticationEntryPointError() {
        return (request, response, authException) -> {
            HashMap<String, Object> map = new HashMap<>();
            map.put("states", HttpServletResponse.SC_UNAUTHORIZED);
            map.put("message", "请先登录");
            response.setCharacterEncoding("utf-8");
            Gson gson = new Gson();
            String s = gson.toJson(map);
            PrintWriter writer = response.getWriter();
            writer.write(s);
            writer.flush();
        };

    }
}

